HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 81 guests and 3 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow CEH - Certified Ethical Hackerarrow php/meterpreter Redirection after session !!
EH-Net
May 26, 2012, 07:16:17 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: php/meterpreter Redirection after session !!  (Read 3113 times)
0 Members and 1 Guest are viewing this topic.
rebrov
Full Member
***
Offline Offline

Posts: 128



View Profile
« on: October 01, 2011, 03:06:31 AM »
is there anyway to redirect victim at php/meterpreter payload after opening session ??

like he clicked the .php link and session is opened , how to redirect him after session opened like iframe in ettercap ??

i tried to edit the .php file created with metasploit with link redirection but didn't work :S
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« Reply #1 on: October 01, 2011, 11:06:42 AM »
What, exactly, are you trying to redirect the victim to?  What is the end goal?
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
rebrov
Full Member
***
Offline Offline

Posts: 128



View Profile
« Reply #2 on: October 02, 2011, 03:55:13 AM »
the end goal is to redirect him to the original site ,, like iframe he is openning normal webpage and u act ur self like a router , to redirect him to his original request thats all

but in this technique he will be redirect after been exploited to the original link path he clicked on ??
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 507


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #3 on: October 02, 2011, 11:08:49 AM »
Quote from: rebrov on October 02, 2011, 03:55:13 AM
the end goal is to redirect him to the original site ,, like iframe he is openning normal webpage and u act ur self like a router , to redirect him to his original request thats all

but in this technique he will be redirect after been exploited to the original link path he clicked on ??

In the PHP file, add the following code right after the PHP meterpreter has been initialized:
header("Location: http://whatever.tld");

Then in the Meterpreter, you make sure it migrates to another file first by writing your own script and then make it call itself again on perhaps another listening process (multi/handler).

I have no exact way to do this, as I've never done but that is how you could do it.

All you gotta do, is to learn some basic Meterpreter scripting, and some very basic PHP so you understand how it functions.

Preferably you research this first on your own.

Remember, this forum is for educational and ethical purposes only.
Logged
I'm an InterN0T'er
rebrov
Full Member
***
Offline Offline

Posts: 128



View Profile
« Reply #4 on: October 02, 2011, 05:40:16 PM »
Quote from: MaXe on October 02, 2011, 11:08:49 AM
Quote from: rebrov on October 02, 2011, 03:55:13 AM
the end goal is to redirect him to the original site ,, like iframe he is openning normal webpage and u act ur self like a router , to redirect him to his original request thats all

but in this technique he will be redirect after been exploited to the original link path he clicked on ??

In the PHP file, add the following code right after the PHP meterpreter has been initialized:
header("Location: http://whatever.tld");

Then in the Meterpreter, you make sure it migrates to another file first by writing your own script and then make it call itself again on perhaps another listening process (multi/handler).

I have no exact way to do this, as I've never done but that is how you could do it.

All you gotta do, is to learn some basic Meterpreter scripting, and some very basic PHP so you understand how it functions.

Preferably you research this first on your own.

Remember, this forum is for educational and ethical purposes only.

thanks and yes i always learn for knowledge not for hacking it self Smiley

and ofcourse its for educational and ethical purposes only .
Logged
jeffersonkane
Newbie
*
Offline Offline

Posts: 5


View Profile
« Reply #5 on: December 10, 2011, 07:32:09 AM »
I have no exact way to do this, as I've never done but that is how you could do it. All you gotta do, is to learn some basic Meterpreter scripting, and some very basic PHP so you understand how it functions.
Logged
r4 3ds
Ignatius
Jr. Member
**
Offline Offline

Posts: 91


View Profile
« Reply #6 on: December 10, 2011, 01:41:24 PM »
This sounds an interesting idea.  I'm surprised that the development folks haven't thought about this and implemented it already.  Of course, they might have and discounted it for some reason!
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.294 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.